Blog un po' nerd - Page 4 of 4 - Nerd is the new Hipster

Bookly #1 WordPress Booking Plugin (Lite) 13.2 – Blind Stored XSS

10 February 2018luigi

INFO Product: Bookly #1 WordPress Booking Plugin (Lite Version) Version: 13.2 Active installations: 10,000+ Product page: https://wordpress.org/plugins/bookly-responsive-appointment-booking-tool/ CVE: 2018-6891 DESCRIPTION An unauthenticated user can inject arbitrary persistent javascript code in the admin panel. PROOF OF CONCEPT Bookly Lite 13.2 and Bookly Pro 14.5 are affected, probably even earlier versions. I think the problem is that jQuery.ajax request is … Continue reading Bookly #1 WordPress Booking Plugin (Lite) 13.2 – Blind Stored XSS

Stored XSS via cloud attachment

20 January 2018luigi

ZOHO Mail is a business mail that includes integrated calendar, contacts, notes, and tasks apps. Initially I was looking for a stored XSS in the webmail, but I did not find it so I started checking the other services. I wondered if it was possible to inject malicious code via attachments in ZOHO Notes. By … Continue reading Stored XSS via cloud attachment

Stored XSS in touch.mail.ru

27 December 2017luigi

This is my first public disclosure on HackerOne. It is a partial disclosure, but the summary is clear: there was a stored XSS in the image preview feature via crafted attachment filename. #275274 – touch.mail.ru/messages – Stored XSS 07/10/2017 – I send the report 11/10/2017 – The vulnerability is fixed and the bug bounty reward … Continue reading Stored XSS in touch.mail.ru

XSSSonar: python tool to look for XSS

16 December 2017luigi

In my own spare time I like to participate in the bug bounty programs. They are a hard challenge, but it is satisfying to find vulnerabilities in big companies. I usually look for XSS vulnerabilities, for this reason I have written a little python script to automate the search of XSS. XSSSonar is an open … Continue reading XSSSonar: python tool to look for XSS